mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-30 06:46:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
pipewire/src/modules
History
Wim Taymans 88a3bf8aab security: validate packet length in AVB get_avb_info handler 
Memory Safety: High

The handle_get_avb_info_common() function copied network packet data
into a stack buffer using memcpy(buf, m, len) without validating that
len fits within the 2048-byte buffer. A crafted AVB packet with a
large length could overflow the stack buffer. Added bounds validation
matching the pattern already used in handle_read_descriptor_common().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-27 11:24:11 +02:00
..
module-adapter *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-avb security: validate packet length in AVB get_avb_info handler 2026-04-27 11:24:11 +02:00
module-client-device core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-jack-tunnel dlopen: support search path ending in / 2026-04-13 10:26:33 +02:00
module-metadata metadata: Added context monitor for removed globals 2024-02-12 08:40:49 +00:00
module-netjack2 spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
module-profiler treewide: use SPDX tags to specify copyright information 2023-02-16 10:54:48 +00:00
module-protocol-native test: fix pod size 2026-04-08 11:28:04 +02:00
module-protocol-pulse spa: add spa_alloca that does overflow and limit checks 2026-04-27 10:53:44 +02:00
module-raop security: downgrade RAOP auth logging from info to debug level 2026-04-27 11:02:48 +02:00
module-roc pipewire: module-roc-{sink,source}: fix log format string issues 2026-02-19 19:37:15 +00:00
module-rt doc: clarify rlimits conf file 2024-01-05 10:22:28 +01:00
module-rtp security: fix inverted overflow check in RTP MIDI message size parsing 2026-04-24 15:55:35 +02:00
module-sendspin spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
module-session-manager core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-vban security: validate VBAN MIDI variable-length integers to prevent overflow 2026-04-27 11:22:50 +02:00
spa doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
zeroconf-utils zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
flatpak-utils.h modules: get also instance id for flatpak apps 2025-05-12 09:40:32 +00:00
meson.build meson: try to fix the doc build 2026-02-27 18:23:45 +01:00
module-access.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-adapter.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-avb.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-client-device.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-client-node.c modules: remove v0 protocol support 2025-07-10 16:26:01 +02:00
module-combine-stream.c security: fix integer truncation in combine-stream delay calculation 2026-04-24 15:55:35 +02:00
module-echo-cancel.c spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
module-example-filter.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-example-source.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-fallback-sink.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-ffado-driver.c midi: don't convert Midi in nodes 2026-03-25 11:59:43 +01:00
module-filter-chain.c spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
module-jack-tunnel.c docs: remove support for absolute paths from docs 2026-04-06 14:47:21 +02:00
module-jackdbus-detect.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-link-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-loopback.c spa: add and use spa_overflow macros 2026-04-24 15:55:35 +02:00
module-metadata.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-netjack2-driver.c security: validate MTU bounds in NetJack2 to prevent stack overflow 2026-04-27 11:06:14 +02:00
module-netjack2-manager.c security: validate MTU bounds in NetJack2 to prevent stack overflow 2026-04-27 11:06:14 +02:00
module-parametric-equalizer.c module-eq: Unload filter-chain on destruction 2025-12-26 18:53:48 +00:00
module-pipe-tunnel.c security: fix TOCTOU and symlink vulnerabilities in pipe-tunnel FIFO 2026-04-24 15:55:35 +02:00
module-portal.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-profiler.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-protocol-native.c security: add O_NOFOLLOW to native protocol lock file creation 2026-04-24 15:55:35 +02:00
module-protocol-pulse.c pulse-server: increase min quantum values 2025-11-06 12:52:48 +01:00
module-protocol-simple.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-pulse-tunnel.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-raop-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
module-raop-sink.c security: clear RAOP auth nonce and realm before freeing 2026-04-27 11:08:04 +02:00
module-roc-sink.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-roc-source.c pipewire: module-roc-{sink,source}: remove logging related unused code 2026-02-19 19:37:15 +00:00
module-rt.c module-rt: warn if setting niceness fails with rtlimit 2025-12-11 16:38:00 -08:00
module-rtp-sap.c module-rtp: Add more logging for debugging timer related issues 2026-03-30 23:45:34 +02:00
module-rtp-session.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
module-rtp-sink.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-rtp-source.c module-rtp-source: Only enable IGMP recovery when using multicast 2026-03-30 23:45:34 +02:00
module-scheduler-v1.c scheduler: make nodes move to IDLE when inactive 2026-04-14 14:28:29 +02:00
module-sendspin-recv.c spa: add spa_alloca that does overflow and limit checks 2026-04-27 10:53:44 +02:00
module-sendspin-send.c spa: add spa_alloca that does overflow and limit checks 2026-04-27 10:53:44 +02:00
module-session-manager.c Fix typos 2024-05-22 09:19:34 +02:00
module-snapcast-discover.c fix some uninitialized variables warnings 2026-04-08 11:29:36 +02:00
module-spa-device-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-device.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-spa-node-factory.c core: use %u format specifier for uint32_t IDs 2026-04-16 08:54:15 +00:00
module-spa-node.c doc: move modules around to add to docs 2025-01-28 12:33:47 +01:00
module-vban-recv.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-vban-send.c modules: support audio.layout where we can 2025-10-30 12:29:31 +01:00
module-x11-bell.c *: unify config.h handling 2025-05-30 10:24:13 +00:00
module-zeroconf-discover.c zeroconf: sanitize the properties 2026-02-27 17:31:42 +01:00
network-utils.h network-utils: pw_net_are_addresses_equal() function 2026-03-30 23:45:33 +02:00